SIS Engineering

Reducing systematic failures reduces risk

Embarking on a SIS project can raise unfamiliar or vaguely familiar terms such as SRS, SIF, 61511, and others. A SIS (Safety Instrumented System) is the hardware and software used to implement SIFs (Safety Instrumented Functions) in accordance with industry standards.

Conforming to the ISA/IEC 61511 standard throughout the lifecycle of a process safety project requires expertise and attention to detail every step of the way.

aeSolutions can help navigate all the parts of the ISA/IEC 61511 safety lifecycle. From preliminary engineering and design, through start up, to operation and maintenance of the SIS, clients trust aeSolutions’ intimate engineering knowledge and experience to ensure that they get the best return on their engineering and capital expenditures.


Safety Instrumented Systems Lifecycle

[Figure: logic controller and control systems as part of a SIS; SIS control lifecycle]

  •   Allocations of Safety Functions to Protection Layers

  •   Independent Protection Layer (IPL) Validation of Credits

  •   BPCS/SIS Independence Assessment

  •   Safety Requirements Specification (SRS)

  •   Installation, Commissioning, and Validation

  •   Proof Test Philosophy & Design

  •   aeShield Software

  •   ANSI/ISA-61511 Lifecycle Services

Independent Protection Layer (IPL) Validation of Credits

During the hazard and risk analysis phase of the safety lifecycle, Independent Protection Layers (IPLs) are identified. Claiming credit for one or more IPLs that do not provide the protection claimed will result in under-designed SIFs, increasing risk to the facility. Claiming less credit for IPLs than is actually provided will result in over-designed SIFs, increasing capital cost. aeSolutions has the expertise and experience to help you perform this critical task most effectively.

BPCS/SIS Independence Assessment

During hazard reviews, protection layers implemented in both the BPCS (e.g. the DCS) and the SIS are identified. Determining whether different protection layers are truly independent, so that they are credited properly in the risk analysis, can be complex. With our experience in process automation and functional safety we can ensure this analysis is done correctly.

Safety Requirements Specification (SRS)

The SRS (clause 10 of ISA/IEC 61511) takes the results of the hazard and risk assessments and defines the requirements that the individual SIFs must meet. The SRS is an input to the SIS design process, but not all of the required information is available when design starts. Our SIS Specialists have configuration, instrumentation, and operations experience, allowing them to specify feasible solutions to complex SIF implementation problems.

The hazard and risk assessments identify the need for Independent Protection Layers (IPLs) to bring the risks associated with the various hazard scenarios in line with corporate risk tolerance guidelines. Where one or more IPLs are determined to be SIFs, aeSolutions has the experience and expertise to:

  •   Confirm the SIL required for the SIF to avoid overdesign

  •   Create a preliminary design for the SIF that conforms to ISA/IEC 61511

  •   Identify the failure rates and parameters needed to calculate the Probability of Failure on Demand (PFD) of the SIF

  •   Use the most appropriate tool for calculating PFDs (or the tool the client requires); for complex SIFs we can use Fault Tree Analysis for the calculations

  •   Optimize the SIF to meet the desired proof test interval and spurious trip frequency

  •   Recommend specific field devices for the SIF

  •   Document the calculations, including the data and parameters used

C&E diagrams are frequently the input to developing the software to be implemented on a SIS logic solver (sometimes together with a narrative). As such, they are of critical importance to successful implementation of the SIFs in any functional safety project. Our C&E templates have been developed from many years of experience to optimize ease of use for configuration, testing, operator training and turnover effectiveness. In cases where the functional complexity exceeds the capacity of C&Es, our staff is capable of selecting the most efficient alternate format.

Quantitative Risk Assessment (QRA) is a risk assessment methodology that produces numerical estimates of the level of risk associated with a certain activity or series of activities, which can then be assessed against risk tolerance criteria. Risk is a function of consequence and likelihood, and aeSolutions has the experience and tools to evaluate both for a QRA. For example, we can use the PHAST software to model chemical releases when evaluating the consequences of an incident. QRA can be a valuable decision support tool when evaluating complex hazard scenarios.

Logic narratives are sometimes required in addition to cause and effect diagrams to explain the functioning of a SIS, particularly when field devices are shared among SIFs or there are other types of interdependencies. Sequential Function Charts (SFCs) are an example of logic diagrams that can be used to illustrate the functioning of a SIS. SFCs are frequently used to document the various operating modes of fired equipment. The aeSolutions staff is capable of selecting the format, or combination of formats, that best meets the requirements of our clients.

The Application Program Requirement Specification (APRS) is an extension of the SRS, and includes requirements for software applications used in a SIS. aeSolutions can assist you in developing an APRS so that the resulting application meets the requirements of ISA/IEC 61511 and correctly implements the different SIFs.

The ISA/IEC 61511 standard (Clause 13) requires that the need for a FAT be identified during safety planning for a project, and also provides guidance on how a FAT should be planned and conducted. Clause 15, SIS Safety Validation (also known as a SAT), provides similar guidance. aeSolutions SIS engineers have the experience to develop these plans, oversee their execution as an independent third party, or execute these tests.

The goal of a proof test of a SIF is to reveal previously undiagnosed dangerous hardware failures (those failures that would prevent the SIF from reacting to a hazard). Proof test coverage (the fraction of these failures a given proof test can reveal) and the interval at which proof tests are conducted are important inputs into determining whether a SIF meets its required SIL. Developing a proof test philosophy provides consistency in proof test procedures and in how they are conducted. aeSolutions' experts have the field experience to discuss the testing requirements, site practices and available technologies to determine and document a comprehensive testing philosophy.

We also have a library of proven proof test procedures to choose from when assembling a testing package, and we have the expertise to work with clients to implement effective testing, failure classification, and feedback mechanisms to validate reliability data claimed in Risk Analysis and SIL Verification.
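To make the relationship between proof test coverage, proof test interval and the achieved SIL concrete, here is an added example (not aeSolutions' own tool or method). It assumes the common simplified 1oo1 approximation PFDavg ≈ PTC·λDU·TI/2 + (1−PTC)·λDU·LT/2, the IEC 61511 low-demand SIL bands, and constructed figures for the dangerous undetected failure rate λDU, interval TI and mission time LT.

```python
"""Simplified 1oo1 PFDavg model: how proof test coverage (PTC) and proof test
interval (TI) move a SIF between SIL bands.

Assumed model (constructed for this example, not the page's own method):
    PFDavg ~= PTC * lambda_DU * TI / 2 + (1 - PTC) * lambda_DU * LT / 2
Failures the proof test can reveal are exposed for half a test interval on
average; failures it cannot reveal stay latent for half the mission time LT.
"""

# IEC 61511 low-demand SIL bands: (SIL, lower bound inclusive, upper bound exclusive)
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def pfd_avg(lambda_du, ti_hours, lt_hours, ptc):
    """Average PFD of a single (1oo1) channel; times in hours, rates per hour."""
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("proof test coverage must be between 0 and 1")
    revealed = ptc * lambda_du * ti_hours / 2.0          # found at each proof test
    latent = (1.0 - ptc) * lambda_du * lt_hours / 2.0     # never found in service
    return revealed + latent


def sil_band(pfd):
    """Return the SIL (1-4) whose PFDavg band contains pfd, or 0 if none does."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def max_test_interval(lambda_du, lt_hours, ptc, pfd_limit):
    """Longest TI (hours) keeping PFDavg at or below pfd_limit, or None when the
    undetectable share alone already exceeds it (no interval can fix that)."""
    latent = (1.0 - ptc) * lambda_du * lt_hours / 2.0
    if ptc == 0.0 or latent >= pfd_limit:
        return None
    return 2.0 * (pfd_limit - latent) / (ptc * lambda_du)


if __name__ == "__main__":
    # Constructed figures: lambda_DU = 1e-6 /h, annual proof test, 10-year mission time.
    LAMBDA_DU, TI, LT = 1e-6, 8760.0, 87600.0
    for ptc in (1.0, 0.9, 0.6):
        pfd = pfd_avg(LAMBDA_DU, TI, LT, ptc)
        print(f"PTC={ptc:.1f}: PFDavg={pfd:.4f} RRF={1 / pfd:.0f} SIL {sil_band(pfd)}")
    print("Longest TI holding SIL 2 at PTC 0.9:", max_test_interval(LAMBDA_DU, LT, 0.9, 1e-2))
```

With these figures a coverage of 0.6 drops the same SIF from SIL 2 to SIL 1 at an unchanged annual interval, and no interval recovers SIL 2 because the uncovered failures alone exceed the band limit. The SIL band upper bound is exclusive, so a TI computed exactly at a limit should be shortened slightly in practice.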

Corporate SIS Project Standards Development

aeSolutions can help create or update the practices and procedures you need for compliance with the ISA/IEC 61511 standard.  For example:

  •   Risk Assessment Standards

  •   SIL Selection Standards

  •   Functional Safety Assessment Templates

  •   SIS Design and Implementation Standards

Functional Safety Management Planning (FSMP)

The ISA/IEC 61511 standard identifies the management activities that are necessary to ensure that functional safety objectives are met:

  + Organization and resources
  + Risk evaluation and risk management
  + Safety Planning
  + Assessment, auditing and revisions
  + SIS configuration management

aeSolutions can assist you in developing a management plan to accomplish what the standard requires but tailored to your specific circumstances and resources.

The design and operation of Safety Instrumented Systems (SIS) require an understanding of instrumentation failure characteristics, the Safety Lifecycle, probability mechanics, and the relevant international standards.

We offer training in the following areas, and we also offer training customized to your specific needs:
     - Safety Requirements Specification (SRS)
     - Calculations of the Probability of Failure on Demand (PFD)
     - Fault Tree Analysis
     - Determination of Architectural Constraints
     - Identifying and Modeling Common Causes of Failure
     - Degraded Voting
     - Failure Rate Estimation
